Security experts around the world are urging users who haven’t yet updated WhatsApp on their phones to update the popular messaging app, or risk having hackers access their files and messages or carry out a Denial of Service (DoS) or Remote Code Execution (RCE) attack.
What’s especially dangerous about RCE is that it allows threat actors to attack devices remotely without any kind of authentication.
Facebook recently posted a security advisory regarding the bug, which it described as a “stack-based buffer overflow” that could be triggered by sending a specially crafted MP4 file to a WhatsApp user.
One way for users to mitigate the threat is to avoid opening messages or files sent by unknown contacts. However, it’s entirely possible that the malicious video files could come from your own trusted contacts who unwittingly forward them.
The WhatsApp vulnerability, CVE-2019-11931, has been rated 7.8 on the CVSS scale, meaning that it is a high-risk vulnerability. It affects Android, iOS and Windows Phone users of not just regular WhatsApp, but also WhatsApp for Business and WhatsApp for Enterprise.
WhatsApp is currently the most popular messenger app globally with more than 1.5 billion monthly active users.
This announcement comes just over a month after WhatsApp’s last “update now” warning to users following a previous bug which allowed an attacker to use a malicious GIF image file to access user content on an exploited smartphone.
Just a few weeks ago, there were also reports that “unknown entities” were using an Israeli spyware called Pegasus to hack into the phones of around 1,400 users (including diplomats, political dissidents, journalists and senior government officials), to spy on them by exploiting WhatsApp’s video calling system.
WhatsApp has since issued a security update to fix the bug, and users with the latest build of WhatsApp are safe. The various vulnerabilities should remind you to always be vigilant about updates and to keep your apps and software current, because new vulnerabilities are discovered all the time.